2024-03-25_1d0700a050b67033e08271ca588af198_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-25_1d0700a050b67033e08271ca588af198_icedid
Size

1.5MB
MD5

1d0700a050b67033e08271ca588af198
SHA1

6f02757d5423e4e0d6137c5596859ebb6e773871
SHA256

7b65b5bb7a9cb080e604d9dbf06eb6eac2ea454b6ff909e494e429b94da267df
SHA512

a487892ca899864ffce69d69467f5330c5e76f8f8def6037c03b7d5615010893ed6c189806455dac6f19501da878224e82ce41a480fee5b151ade48a6ff8e9a8
SSDEEP

12288:do/v8fpEEiYclnJphhYpUVM9ZfXJuvIqBONPZMs6zRtMcGyiID2D7oCW:doH8fpEEbclnnhgUArsO9ZCzTMzmCW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-03-25_1d0700a050b67033e08271ca588af198_icedid

Files

2024-03-25_1d0700a050b67033e08271ca588af198_icedid
.exe windows:5 windows x86 arch:x86

b948d9c0c6016890c10412c9c330783e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Construct Compile\Runtime\PreviewRelease.pdb

Imports

dinput8

DirectInput8Create

kernel32

GetSystemTimeAsFileTime
RemoveDirectoryA
GetCommandLineA
GetStartupInfoA
HeapAlloc
HeapFree
RtlUnwind
VirtualAlloc
HeapReAlloc
HeapSize
ExitProcess
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetStdHandle
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
GetTickCount
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceA
CreateFileA
WriteFile
CloseHandle
SetCurrentDirectoryA
DeleteFileA
SearchPathA
GetTempPathA
GetLongPathNameA
GetTempFileNameA
CreateDirectoryA
GetLastError
GetModuleHandleA
FreeLibrary
GetSystemInfo
GetModuleFileNameA
GetPrivateProfileStringA
LoadLibraryA
GetProcAddress
QueryPerformanceFrequency
QueryPerformanceCounter
Sleep
GlobalUnlock
GlobalLock
GlobalAlloc
WritePrivateProfileStringA
LocalAlloc
LocalFree
InterlockedExchange
RaiseException
lstrlenA
MultiByteToWideChar
FormatMessageA
GetCurrentProcess
SetEndOfFile
FlushFileBuffers
SetFilePointer
ReadFile
GetOEMCP
GetCPInfo
GetLocaleInfoA
GlobalFlags
lstrcmpA
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
GetCurrentProcessId
InterlockedDecrement
InterlockedIncrement
GetModuleHandleW
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
lstrcmpW
GetVersionExA
SetLastError
GlobalFree

user32

PostQuitMessage
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ValidateRect
ClientToScreen
DestroyMenu
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetWindowThreadProcessId
GetDC
ReleaseDC
GetSysColorBrush
IsWindowEnabled
RegisterWindowMessageA
WinHelpA
GetCapture
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
RemovePropA
GetFocus
IsWindow
GetForegroundWindow
GetLastActivePopup
GetDlgItem
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyState
EnableWindow
SetForegroundWindow
PostMessageA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
GetParent
GetSysColor
GetCursorPos
CopyRect
PtInRect
GetDlgCtrlID
SendMessageA
CallWindowProcA
GetMenu
GetWindowLongA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
GetMenuState
SetWindowsHookExA
ScreenToClient
DefWindowProcA
GetWindowRect
LoadImageA
GetAsyncKeyState
MessageBoxA
SetWindowTextA
SetCursor
LoadCursorA
SetMenu
EnumDisplaySettingsA
GetClientRect
DestroyWindow
LoadIconA
GetSystemMetrics
RegisterClassExA
CreateWindowExA
SetWindowLongA
SetRect
LoadStringA
PeekMessageA
TranslateMessage
GetMenuItemID
GetMenuItemCount
GetSubMenu
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetWindowTextA
ShowWindow
SetWindowPos
DispatchMessageA
GetPropA

gdi32

SetMapMode
PtVisible
RectVisible
TextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
RestoreDC
SaveDC
ExtTextOutA
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
DeleteObject

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

shell32

SHFileOperationA
ShellExecuteA

comctl32

InitCommonControlsEx
ord17

winmm

PlaySoundA

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 525KB - Virtual size: 524KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 890KB - Virtual size: 890KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b948d9c0c6016890c10412c9c330783e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

dinput8

kernel32

user32

gdi32

winspool.drv

shell32

comctl32

winmm

oleaut32

Sections

.text Size: 525KB - Virtual size: 524KB

.rdata Size: 132KB - Virtual size: 132KB

.data Size: 12KB - Virtual size: 36KB

.rsrc Size: 890KB - Virtual size: 890KB

.text
Size: 525KB - Virtual size: 524KB

.rdata
Size: 132KB - Virtual size: 132KB

.data
Size: 12KB - Virtual size: 36KB

.rsrc
Size: 890KB - Virtual size: 890KB